2096 matches found
PT-2025-52735
Name of the Vulnerable Software and Affected Versions Membership Plugin – Restrict Content versions up to and including 3.2.15 Description The Membership Plugin – Restrict Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'register form' and 'restrict'...
CVE-2025-14054
CVE-2025-14054 concerns WC Builder – WooCommerce Page Builder for WPBakery (WordPress). The vulnerability is a Stored Cross-Site Scripting in the wpbforwpbakery_product_additional_information shortcode, triggered by the heading_color parameter (and other styling params). Affected products/version...
CVE-2025-68079
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
EUVD-2025-203539
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
CVE-2025-68079
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
CVE-2025-68079 WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
CVE-2025-68079 WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
CVE-2025-68079
CVE-2025-68079 affects the WordPress Salient Shortcodes plugin (versions from n/a up to and including 1.5.4). The issue is a Stored XSS due to improper neutralization during web page generation in salient-shortcodes. Impact per provided metrics: CVSSv3.1 base score 6.5 (MEDIUM), with network atta...
WordPress plugin Salient Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-51459
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
CVE-2025-14143
The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13885
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2025-203010
The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14143
The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13885
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-13885 Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2025-202970
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-13885 Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-13885
Zenost Shortcodes (WordPress) contains a Stored XSS (CVE-2025-13885) in the button shortcode via link and target parameters for all versions up to 1.0. Exploitation requires authenticated access at Contributor+ level, enabling injection of scripts on pages that execute when users view the injecte...
CVE-2025-14143 Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...